qemu-devel
From: Peter Maydell
Subject: Re: [Qemu-devel] [PULL 14/26] tests/tcg/arm: add ARMv6-M UNDEFINED 32-bit instruction test
Date: Tue, 11 Jun 2019 13:51:17 +0100

On Tue, 12 Mar 2019 at 17:09, Alex Bennée <address@hidden> wrote:
>
> From: Stefan Hajnoczi <address@hidden>
>
> Test that 32-bit instructions declared UNDEFINED in the ARMv6-M
> Reference Manual really do raise an exception.  Also test that the 6
> 32-bit instructions defined in the ARMv6-M Reference Manual do not raise
> an exception.
>
> Based-on: <address@hidden>
> Signed-off-by: Stefan Hajnoczi <address@hidden>
> Message-Id: <address@hidden>
> [AJB: integrated into system tests]
> Signed-off-by: Alex Bennée <address@hidden>

So I just tried running this test with a QEMU built with
clang's undefined-behaviour sanitizer, and it reveals a bug
in our elf loader code:

e104462:bionic:qemu$ make -C build/arm-clang/ check-tcg
make: Entering directory
'/home/petmay01/linaro/qemu-from-laptop/qemu/build/arm-clang'
make[1]: Entering directory '/home/petmay01/linaro/qemu-from-laptop/qemu/slirp'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/petmay01/linaro/qemu-from-laptop/qemu/slirp'
  BUILD   debian9
  BUILD   debian-armhf-cross
  BUILD   TCG tests for arm-softmmu
  BUILD   arm guest-tests with arm-linux-gnueabihf-gcc
  RUN     TCG tests for arm-softmmu
  BUILD   arm guest-tests with arm-linux-gnueabihf-gcc
  RUN     tests for arm
  TEST    test-armv6m-undef on arm
/home/petmay01/linaro/qemu-from-laptop/qemu/include/hw/elf_ops.h:175:11:
runtime error: null pointer passed as argument 1, which is declared to
never be null
/usr/include/stdlib.h:828:30: note: nonnull attribute specified here
[...]

I think what's happening here is that the ELF file being
loaded has no function symbols, so in the load_symbols
function nsyms is 0, and g_realloc(syms, nsyms * sizeof(*syms))
returns NULL. We then pass that to qsort(), which is bad
because qsort() mandates a non-NULL pointer.

thanks
-- PMM
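The load_symbols() failure Peter describes, as an added example that is not QEMU's own code: a simplified symbol filter with a stand-in for g_realloc()'s zero-size behaviour and the nsyms == 0 guard that keeps qsort() from ever receiving NULL. The Sym record, realloc_like_glib() and load_function_symbols() are assumptions made for this illustration.

```c
/* Added example (not QEMU code): the load_symbols() pattern from the mail,
 * with the nsyms == 0 case handled so qsort() never sees a NULL pointer.
 * Assumption: a simplified symbol record standing in for ELF's Elf_Sym. */
#include <stdlib.h>

enum { STT_OBJECT = 1, STT_FUNC = 2 };   /* ELF symbol types of interest */

typedef struct {
    const char *name;
    unsigned long addr;
    int type;
} Sym;

static int sym_cmp(const void *a, const void *b)
{
    unsigned long x = ((const Sym *)a)->addr, y = ((const Sym *)b)->addr;
    return (x > y) - (x < y);
}

/* Mirrors g_realloc() semantics: a zero size frees the block and returns
 * NULL, which is what turned nsyms == 0 into qsort(NULL, 0, ...). */
static void *realloc_like_glib(void *p, size_t size)
{
    if (size == 0) { free(p); return NULL; }
    return realloc(p, size);
}

/* Keep only function symbols, shrink the buffer, sort by address.
 * Returns the number of kept symbols; *out is NULL when that number is 0.
 * The original bug was calling qsort(syms, nsyms, ...) unconditionally, so
 * an ELF with no function symbols passed NULL where non-null is required. */
size_t load_function_symbols(const Sym *table, size_t n, Sym **out)
{
    Sym *syms = malloc(n * sizeof(*syms));
    size_t nsyms = 0;
    if (n > 0 && syms == NULL) { *out = NULL; return 0; } /* alloc failure */
    for (size_t i = 0; i < n; i++) {
        if (table[i].type == STT_FUNC) {
            syms[nsyms++] = table[i];
        }
    }
    syms = realloc_like_glib(syms, nsyms * sizeof(*syms));
    if (nsyms > 0) {                 /* the guard the loader was missing */
        qsort(syms, nsyms, sizeof(*syms), sym_cmp);
    }
    *out = syms;                     /* NULL when nsyms == 0 */
    return nsyms;
}
```

Built with -fsanitize=undefined, the unguarded form trips the same "null pointer passed as argument 1" report as the test above; the guarded form does not.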
